Changes to create fresh destination scripts

Make channel_keys_id optional

Check output spent script with both old and new destination script

Add a parameter for new_style_derivation

Derive key from channel_keys_id for spending side

Using new derivation index if the bool value is not set

Create new master key for fresh destination script

Update keysinterface impl in fuzz

Author: vss96

fuzz/src/chanmon_consistency.rs

@@ -169,7 +169,7 @@ impl KeysInterface for KeyProvider {
 		KeyMaterial([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, self.node_id])
 	}
 
-	fn get_destination_script(&self) -> Script {
+	fn get_destination_script(&self, _channel_keys_id : [u8; 32]) -> Script {
 		let secp_ctx = Secp256k1::signing_only();
 		let channel_monitor_claim_key = SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, self.node_id]).unwrap();
 		let our_channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());

fuzz/src/full_stack.rs

@@ -273,7 +273,7 @@ impl KeysInterface for KeyProvider {
 		self.inbound_payment_key.clone()
 	}
 
-	fn get_destination_script(&self) -> Script {
+	fn get_destination_script(&self, _channel_keys_id : [u8; 32]) -> Script {
 		let secp_ctx = Secp256k1::signing_only();
 		let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
 		let our_channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());

lightning/src/chain/channelmonitor.rs

@@ -2922,6 +2922,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				spendable_output =  Some(SpendableOutputDescriptor::StaticOutput {
 					outpoint: OutPoint { txid: tx.txid(), index: i as u16 },
 					output: outp.clone(),
+					channel_keys_id: Some(self.channel_keys_id),
 				});
 				break;
 			}
@@ -2952,6 +2953,7 @@ impl<Signer: Sign> ChannelMonitorImpl<Signer> {
 				spendable_output = Some(SpendableOutputDescriptor::StaticOutput {
 					outpoint: OutPoint { txid: tx.txid(), index: i as u16 },
 					output: outp.clone(),
+					channel_keys_id: Some(self.channel_keys_id),
 				});
 				break;
 			}

lightning/src/chain/keysinterface.rs

@@ -137,6 +137,10 @@ pub enum SpendableOutputDescriptor {
 		outpoint: OutPoint,
 		/// The output which is referenced by the given outpoint.
 		output: TxOut,
+		/// Arbitrary identification information returned by a call to
+		/// `Sign::channel_keys_id()`. This may be useful in re-deriving keys used in
+		/// the channel to spend the output.
+		channel_keys_id: Option<[u8; 32]>
 	},
 	/// An output to a P2WSH script which can be spent with a single signature after a CSV delay.
 	///
@@ -181,6 +185,7 @@ impl_writeable_tlv_based_enum!(SpendableOutputDescriptor,
 	(0, StaticOutput) => {
 		(0, outpoint, required),
 		(2, output, required),
+		(3, channel_keys_id, option),
 	},
 ;
 	(1, DelayedPaymentOutput),
@@ -406,7 +411,7 @@ pub trait KeysInterface {
 	///
 	/// This method should return a different value each time it is called, to avoid linking
 	/// on-chain funds across channels as controlled to the same user.
-	fn get_destination_script(&self) -> Script;
+	fn get_destination_script(&self, channel_keys_id : [u8; 32]) -> Script;
 	/// Get a script pubkey which we will send funds to when closing a channel.
 	///
 	/// This method should return a different value each time it is called, to avoid linking
@@ -846,7 +851,7 @@ pub struct KeysManager {
 	node_secret: SecretKey,
 	inbound_payment_key: KeyMaterial,
 	destination_script: Script,
-	shutdown_pubkey: PublicKey,
+	shutdown_pubkey: ExtendedPubKey,
 	channel_master_key: ExtendedPrivKey,
 	channel_child_index: AtomicUsize,
 
@@ -857,6 +862,7 @@ pub struct KeysManager {
 	seed: [u8; 32],
 	starting_time_secs: u64,
 	starting_time_nanos: u32,
+	new_style_derivation: bool,
 }
 
 impl KeysManager {
@@ -895,7 +901,7 @@ impl KeysManager {
 					Err(_) => panic!("Your RNG is busted"),
 				};
 				let shutdown_pubkey = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(2).unwrap()) {
-					Ok(shutdown_key) => ExtendedPubKey::from_private(&secp_ctx, &shutdown_key).public_key.key,
+					Ok(shutdown_key) => ExtendedPubKey::from_private(&secp_ctx, &shutdown_key),
 					Err(_) => panic!("Your RNG is busted"),
 				};
 				let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3).unwrap()).expect("Your RNG is busted");
@@ -913,7 +919,6 @@ impl KeysManager {
 					secp_ctx,
 					node_secret,
 					inbound_payment_key: KeyMaterial(inbound_pmt_key_bytes),
-
 					destination_script,
 					shutdown_pubkey,
 
@@ -927,6 +932,7 @@ impl KeysManager {
 					seed: *seed,
 					starting_time_secs,
 					starting_time_nanos,
+        			new_style_derivation: true,
 				};
 				let secp_seed = res.get_secure_random_bytes();
 				res.secp_ctx.seeded_randomize(&secp_seed);
@@ -1031,7 +1037,7 @@ impl KeysManager {
 					input_value += descriptor.output.value;
 					if !output_set.insert(descriptor.outpoint) { return Err(()); }
 				},
-				SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output } => {
+				SpendableOutputDescriptor::StaticOutput { ref outpoint, ref output, .. } => {
 					input.push(TxIn {
 						previous_output: outpoint.into_bitcoin_outpoint(),
 						script_sig: Script::new(),
@@ -1074,12 +1080,17 @@ impl KeysManager {
 					}
 					spend_tx.input[input_idx].witness = keys_cache.as_ref().unwrap().0.sign_dynamic_p2wsh_input(&spend_tx, input_idx, &descriptor, &secp_ctx)?;
 				},
-				SpendableOutputDescriptor::StaticOutput { ref output, .. } => {
+				SpendableOutputDescriptor::StaticOutput { ref output, channel_keys_id,.. } => {
+					
+					let destination_script = channel_keys_id.map_or_else(|| self.destination_script.clone(),|s| self.get_destination_script(s));
 					let derivation_idx = if output.script_pubkey == self.destination_script {
 						1
+					} else if output.script_pubkey == destination_script && channel_keys_id.is_some() {
+						byte_utils::slice_to_be64(&channel_keys_id.unwrap()[0..8]) as u32
 					} else {
 						2
 					};
+					
 					let secret = {
 						// Note that when we aren't serializing the key, network doesn't matter
 						match ExtendedPrivKey::new_master(Network::Testnet, &self.seed) {
@@ -1094,7 +1105,7 @@ impl KeysManager {
 					};
 					let pubkey = ExtendedPubKey::from_private(&secp_ctx, &secret).public_key;
 					if derivation_idx == 2 {
-						assert_eq!(pubkey.key, self.shutdown_pubkey);
+						assert_eq!(pubkey.key, self.shutdown_pubkey.public_key.key);
 					}
 					let witness_script = bitcoin::Address::p2pkh(&pubkey, Network::Testnet).script_pubkey();
 					let payment_script = bitcoin::Address::p2wpkh(&pubkey, Network::Testnet).expect("uncompressed key found").script_pubkey();
@@ -1134,12 +1145,30 @@ impl KeysInterface for KeysManager {
 		self.inbound_payment_key.clone()
 	}
 
-	fn get_destination_script(&self) -> Script {
-		self.destination_script.clone()
+	fn get_destination_script(&self, channel_keys_id : [u8; 32]) -> Script {
+		let derivation_idx = if self.new_style_derivation {
+			byte_utils::slice_to_be64(&channel_keys_id[0..8])
+		} else {
+			3
+		};
+		match ExtendedPrivKey::new_master(Network::Testnet, &self.seed) {
+			Ok(master_key) => {
+				match master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(derivation_idx as u32).expect("key space exhausted")){
+					Ok(destination_key) => {
+						let wpubkey_hash = WPubkeyHash::hash(&ExtendedPubKey::from_private(&self.secp_ctx, &destination_key).public_key.to_bytes());
+						Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
+									  .push_slice(&wpubkey_hash.into_inner())
+									  .into_script()
+					},
+					Err(_) => panic!("Your RNG is busted"),
+				}
+			}
+			Err(_) => panic!("Your RNG is busted")
+		}
 	}
 
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {
-		ShutdownScript::new_p2wpkh_from_pubkey(self.shutdown_pubkey.clone())
+		ShutdownScript::new_p2wpkh_from_pubkey(self.shutdown_pubkey.public_key.key.clone())
 	}
 
 	fn get_channel_signer(&self, _inbound: bool, channel_value_satoshis: u64) -> Self::Signer {
@@ -1218,8 +1247,8 @@ impl KeysInterface for PhantomKeysManager {
 		self.inbound_payment_key.clone()
 	}
 
-	fn get_destination_script(&self) -> Script {
-		self.inner.get_destination_script()
+	fn get_destination_script(&self, channel_keys_id: [u8; 32]) -> Script {
+		self.inner.get_destination_script(channel_keys_id)
 	}
 
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {

lightning/src/ln/channel.rs

@@ -846,7 +846,7 @@ impl<Signer: Sign> Channel<Signer> {
 				return Err(APIError::IncompatibleShutdownScript { script: shutdown_scriptpubkey.clone() });
 			}
 		}
-
+		let channel_keys_id = holder_signer.channel_keys_id();
 		Ok(Channel {
 			user_id,
 			config: config.channel_options.clone(),
@@ -862,7 +862,7 @@ impl<Signer: Sign> Channel<Signer> {
 
 			holder_signer,
 			shutdown_scriptpubkey,
-			destination_script: keys_provider.get_destination_script(),
+			destination_script: keys_provider.get_destination_script(channel_keys_id),
 
 			cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
 			cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
@@ -1148,6 +1148,7 @@ impl<Signer: Sign> Channel<Signer> {
 
 		let mut secp_ctx = Secp256k1::new();
 		secp_ctx.seeded_randomize(&keys_provider.get_secure_random_bytes());
+		let channel_keys_id = holder_signer.channel_keys_id();
 
 		let chan = Channel {
 			user_id,
@@ -1163,7 +1164,7 @@ impl<Signer: Sign> Channel<Signer> {
 
 			holder_signer,
 			shutdown_scriptpubkey,
-			destination_script: keys_provider.get_destination_script(),
+			destination_script: keys_provider.get_destination_script(channel_keys_id),
 
 			cur_holder_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
 			cur_counterparty_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
@@ -6249,7 +6250,7 @@ mod tests {
 
 		fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { panic!(); }
 		fn get_inbound_payment_key_material(&self) -> KeyMaterial { panic!(); }
-		fn get_destination_script(&self) -> Script {
+		fn get_destination_script(&self, channel_keys_id: [u8; 32]) -> Script {
 			let secp_ctx = Secp256k1::signing_only();
 			let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
 			let channel_monitor_claim_key_hash = WPubkeyHash::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());

lightning/src/util/test_utils.rs

@@ -72,7 +72,7 @@ impl keysinterface::KeysInterface for OnlyReadsKeysInterface {
 
 	fn get_node_secret(&self, _recipient: Recipient) -> Result<SecretKey, ()> { unreachable!(); }
 	fn get_inbound_payment_key_material(&self) -> KeyMaterial { unreachable!(); }
-	fn get_destination_script(&self) -> Script { unreachable!(); }
+	fn get_destination_script(&self, _channel_keys_id : [u8; 32]) -> Script { unreachable!(); }
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript { unreachable!(); }
 	fn get_channel_signer(&self, _inbound: bool, _channel_value_satoshis: u64) -> EnforcingSigner { unreachable!(); }
 	fn get_secure_random_bytes(&self) -> [u8; 32] { [0; 32] }
@@ -487,7 +487,7 @@ impl keysinterface::KeysInterface for TestKeysInterface {
 	fn get_inbound_payment_key_material(&self) -> keysinterface::KeyMaterial {
 		self.backing.get_inbound_payment_key_material()
 	}
-	fn get_destination_script(&self) -> Script { self.backing.get_destination_script() }
+	fn get_destination_script(&self, channel_keys_id: [u8; 32]) -> Script { self.backing.get_destination_script(channel_keys_id) }
 
 	fn get_shutdown_scriptpubkey(&self) -> ShutdownScript {
 		match &mut *self.expectations.lock().unwrap() {